The Nebula architecture consists of a few components working together to protect your endpoints. This article explains each piece of the architecture.
- Nebula Console: Provides centralized management of devices through a web-based user interface. Use the console to configure policy settings, view quarantined items, and monitor endpoint activity.
- Cloud Servers: Store and relay endpoint information between Nebula and your devices.
- Endpoint Agent: The software installed on a device that communicates with the cloud servers. Devices with the software installed are referred to as endpoints.
Nebula Plugins: Software components installed on endpoints that perform tasks, run scans, and protect the device. These are automatically installed based on the policy settings applied to the endpoint. The installed plugins can be viewed from the Manage > Endpoints page. Click on an endpoint and look under the Agents and plugins section.
- Agent Version: The core component of the Endpoint Agent that communicates with Nebula and manages plugin components.
- Endpoint Detection and Response: The plugin responsible for collecting data to identify Suspicious Activity, perform Ransomware Rollback backups, and Endpoint Isolation.
- Endpoint Protection: The plugin that controls and manages the protection layers.
- Endpoint Protection protection update: Rules and heuristics to identify malware.
- Protection service version: The primary service that provides real-time protection and Device Control.
- Component package version: The package that contains the controllers and components that power the protection layers.
- Asset Manager: The plugin that collects information about the endpoint including installed, startup, and other software.
- Brute Force Protection: The plugin that monitors failed Windows™ protocol login attempts and creates a Windows Firewall rule to temporarily block the incoming IP address.
- Active Response Shell: The plugin that allows you to run Active Response Shell on an endpoint.
- SIEM: The plugin used to communicate with a Syslog server.